312-50V13 · Question #310
John, a security analyst, is analyzing a server suspected of being compromised. The attacker has used a non admin account and has already gained a foothold on the system. John discovers that a new Dyn
The correct answer is A. DLL Hijacking. An attacker achieved privilege escalation on a compromised server by loading a malicious Dynamic Link Library (DLL) that lacked a fully qualified path in the application directory, indicating a DLL Hijacking attack.
Question
Options
- ADLL Hijacking
- BNamed Pipe Impersonation
- CSpectre and Meltdown Vulnerabilities
- DExploiting Misconfigured Services
How the community answered
(16 responses)- A88% (14)
- B6% (1)
- D6% (1)
Why each option
An attacker achieved privilege escalation on a compromised server by loading a malicious Dynamic Link Library (DLL) that lacked a fully qualified path in the application directory, indicating a DLL Hijacking attack.
DLL Hijacking occurs when an application attempts to load a DLL by name without a fully qualified path, allowing an attacker to place a malicious DLL with the same name in a vulnerable search path, leading to its execution with the application's privileges.
Named Pipe Impersonation is a technique where a malicious client impersonates a higher-privileged server process using named pipes, which is distinct from loading a malicious DLL.
Spectre and Meltdown vulnerabilities are hardware-level side-channel attacks on CPU architectures used to bypass memory isolation, not a privilege escalation method involving malicious DLLs.
Exploiting Misconfigured Services involves leveraging weak permissions or improper settings in service configurations to elevate privileges, differing from the DLL loading mechanism described.
Concept tested: Privilege escalation techniques (DLL Hijacking)
Source: https://learn.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-security
Topics
Community Discussion
No community discussion yet for this question.